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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )I3 Responsive to communication(s) filed on 23 July 2004 . 
2a)D This action is FINAL. 2b)l3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) H Claim(s) 1-16 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) [x] Claim(s) 1^16 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 1 9(a)-(d) or (f). 

a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachments) 

1 ) I3 Notice of References Cited (PTO-892) * 
-2) Q-Notiee of Draftsperson's Patent Drawing Review (PTO-948) 
3) (3 Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 
Paper No(s)/Mail Date see attached . o 



4) D Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) □ Notice of Informal Patent Application (PTO-152) 
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DETAILED ACTION 

Information Disclosure Statement 

1. The information disclosure statements (IDS) submitted on July 23, 2004, August 

1 . 2003, and July 1 8, 2003 are in compliance with the provisions of 37 CFR 1 .97. The 
examiner has considered the information disclosure statements. 

Specification 

2. Applicant is reminded of the following requirement: 

In a continuation or divisional application (other than a continued prosecution 
application filed under 37 CFR 1 .53(d)), the first sentence of the specification or 
application data sheet (37 CFR 1 .76) should include a reference to the prior 
application(s) from which benefit of priority is claimed. See 37 CFR 1 .78. The following 
format is suggested: "This is a continuation of Application No. 09/159,514, filed 
September 24, 1998, now U.S. Patent No. 6,598,167." 

Claim Objections 

3. Claims 1 ,2, and 5 are objected to because of the following informalities: 

In claim 1, on line 7, it is recited of a "secure server" wherein other instances in 
the claim, it is referred to as "secure web server". In claim 2, on line 10, it is also of a 
"secure server" wherein other instances in the claim, it is referred to as "secure web 
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server". The examiner is interpreting the secure server to be that of the secure web 
server. 

In claim 2, line 4, it is recited of "said secure system" which is a lack of 
antecedent basis. 

In claim 6, lines 4-5, it is recited of "said session management cookie" that is a 
lack of antecedent basis. 

Appropriate correction is required. 



Double Patenting 

4. The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. See In re Goodman, 1 1 
F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 

USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 
1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970);and, In re Thorington, 
418 F.2d 528, 163 USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1 .321 (c) may be 
used to overcome an actual or provisional rejection based on a nonstatutory double 
patenting ground provided the conflicting application or patent is shown to be commonly 
owned with this application. See 37 CFR 1 . 1 30(b). 

Effective January 1 , 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 

5. Claims 1 -1 6 are rejected under the judicially created doctrine of obviousness- 
type double patenting as being unpatentable over claims 1-16 of U.S. Patent No. 
6,598,167. Although the conflicting claims are not identical, they are not patentably 
distinct from each other because claims 1-16 of the instant application are envisioned 
by patent claims 1-16 in that claims 1-16 of the patent contain all the limitations of 
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claims 1-16 of the instant application. Claims 1-16 of the instant application therefore is 
not patentably distinct from the earlier patent claims, and as such, is unpatentable for 
obvious-type double patenting. 



Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 1 ,7, and 8 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Crichton et al, U.S. Patent 6,104,716 in view of Shin et al, U.S. Patent 5,987,134. 

As per claim 1 , Crichton et al discloses of a security system for a 
communications network management having an integrated customer interface. A 
secure web server manages secure sessions on the Internet and supports secure 
socket layer for encrypted communications. The secure web server provides session 
management including customer identification, validation, and session management to 
link the session with the customer. A dispatch server communicates with the secure 
web server through a first firewall and communicates with a plurality of proxy services 
and system resources using an internal network. A plurality of system resources 
provide communication network management capabilities for the customer and the 
system resources are responsive to a request to generate client data relating to the 
communications network (col. 2, lines 23-28; col. 3, lines 56-67; col. 6, lines 30-33; col. 



Application/Control Number: 10/621 ,800 Page 5 

Art Unit: 2131 

7, lines 1-30; and as shown in Figure 4). The teachings of Crichton et al are silent in 
disclosing use the use of verifying customer entitlements. It is disclosed by Shin et al of 
verifying user access rights (customer entitlements) prior to permitting access to 
resources (col. 5, lines 29-33). It would have been obvious to a person of ordinary skill 
in the art at the time of the invention to have been motivated to protect resources by 
verifying user entitlements making the user provide their rights to use resources. Shin 
et al recites motivation for the use of verifying user access rights by disclosing that 
unauthorized users can gain access to protected resources and there exists a need to 
protect the resources by verifying the legitimacy of the user's request (col. 2, lines 6-13). 
By verifying the user's entitlements, it is obvious that the teachings of Crichton et al 
would have allowed its resources to only be granted to authorized users based on their 
entitlements. 

As per claim 7 and 8, Crichton et al teaches of the secure web server 
communicating with the dispatch server over an encrypted socket connection that 
includes encryption between the secure web server and the dispatch server (col. 6, 
lines 30-33 and as shown in Figure 4). 

8. Claims 2,5, and 9 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Crichton et al, U.S. Patent 6,104,716 in view of Shin et al, U.S. Patent 5,987,134 in 
further view of Shambroom, U.S. Patent 5,923,756. 

As per claim 2, Crichton et al discloses of a plurality of clients (comprising web 
browsers) that enable interactive secure communication with secure system and 
provide an integrated interface for the customer. The clients (comprising web browsers) 
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support client authentication and secure sockets layer communication protocol that 
includes mutual authentication (col. 2, lines 23-28; col. 3, lines 56-67; col. 6, lines 30-33; 
col. 7, lines 1-30; and as shown in Figure 4). The combined teachings of Crichton et al 
and Shin et al do not disclose of using digital certificates as means of authentication. It 
is disclosed by Shambroom of the use of digital certificates for authentication in SSL 
from one party to another (col. 7, lines 25-51 and col. 10, lines 25-38), It would have 
been obvious to a person of ordinary skill in the art at the time of the invention to have 
been motivated to use certificates as means of authenticating two parties to one 
another. Shambroom recites motivation for the use of certificates in SSL 
communications by disclosing that the certificate holds a public key that is used to 
derive a session key that is later used to encrypt future transactions (col. 7, lines 34-58). 
It is obvious that the combined teachings of Crichton et al and Shin et al would have 
further been protected by using a certificate to carry and protect key information that 
can be used for establishing SSL connections. 

As per claim 5, Crichton et al discloses that the client (comprising a web browser) 
encrypts client identification, authentication, and session management information by 
use of SSL during each transmission (col. 6, lines 30-33 and col. 7, lines 1-30). 

As per claim 9, it is taught by Crichton et al that encryption algorithms are used 
for transmission of all customer data between the secure web server and the client 
(comprising a browser) and for transmission between the secure web server and 
dispatch server (col. 6, lines 16-46). 
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9. Claims 3,4, and 6 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Crichton et al, U.S. Patent 6,104,716 in view of Shin et al, U.S. Patent 5,987,134 in 
further view Shi et al, U.S. Patent 5,875,296. 

As per claim 3, Crichton et al discloses of client identification to link a session 
with a customer through a plurality of discrete client communications the session to 
verify the customer to the dispatch server at each transmission with the dispatch server 
(col. 2, lines 23-28; col. 3, lines 56-67; col. 6, lines 30-33; col. 7, lines 1-30; and as 
shown in Figure 4). The combination of the teachings of Crichton et al and Shin et al 
are silent in disclosing of the use of cookie generation. It is disclosed by Shi et al of the 
generation of cookies that are to be used by a client (col. 3, lines 22-46). It would have 
been obvious to a person of ordinary skill in the art at the time of the invention to have 
recognized the need to maintain client identification information. Shi et al recites 
motivation for the use of cookies by disclosing that the client doesn't need to repeatedly 
transfer identification information over the network (col. 3, lines 42-46). It is obvious that 
the combined teachings of Crichton et al and Shin et al would have found the disclosure 
of Shi et al beneficial as a means of saving valuable network bandwidth by not 
repeatedly transferring the same information over a network by instead using a cookie 
to avoid those transmissions. 

As per claim 4, Shi et al discloses that the cookie is generated by a program on a 
separate server (col. 3, lines 22-46). Shin et al is relied upon for use of verifying user 
access rights (customer entitlements) prior to permitting access to resources (col. 5, 
lines 29-33). 
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As per claim 6, Crichton discloses of simultaneous session management for a 
plurality of system resource platforms (col. 7, lines 1-30). Shi et al is relied upon for the 
use of cookies that maintain client identification (col. 3, lines 22-46). 



Allowable Subject Matter 

1 0. Claims 11-16 are allowed over the prior art upon submission and entry of a 
terminal disclaimer. 

1 1 . The following is a statement of reasons for the indication of allowable subject 
matter: 

It was not found to be taught in the prior art of an encryption layer to provide 
encryption of each client session with a public key provided by the communication 
network. Each session includes session authentication with a client cookie generated 
by the system wherein the session cookie is encrypted with the public key during 
transmission or each transaction request to a secure server. 

12. Claim 10 is objected to as being dependent upon a rejected base claim, but 
would be allowable if: 1 .) rewritten in independent form including all of the limitations of 
the base claim and any intervening claims and 2.) upon entry of a terminal disclaimer. 
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Conclusion 



1 3. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Please see attached PTO-892 

14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christopher A. Revak whose telephone number is 571 - 
272-3794. The examiner can normally be reached on Monday-Friday, 6:30am-4:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Christopher Revak 
AU 2131 



CR 

September 19, 2004 




